postgresql

History

Noah Misch 11da97024a Empty search_path in logical replication apply worker and walsender. This is like CVE-2018-1058 commit `582edc369c`. Today, a malicious user of a publisher or subscriber database can invoke arbitrary SQL functions under an identity running replication, often a superuser. This fix may cause "does not exist" or "no schema has been selected to create in" errors in a replication process. After upgrading, consider watching server logs for these errors. Objects accruing schema qualification in the wake of the earlier commit are unlikely to need further correction. Back-patch to v10, which introduced logical replication. Security: CVE-2020-14349	2020-08-10 09:22:54 -07:00
..
Makefile	Split all OBJS style lines in makefiles into one-line-per-entry style.	2019-11-05 14:41:07 -08:00
libpqwalreceiver.c	Empty search_path in logical replication apply worker and walsender.	2020-08-10 09:22:54 -07:00

Noah Misch 11da97024a Empty search_path in logical replication apply worker and walsender.

This is like CVE-2018-1058 commit
582edc369c.  Today, a malicious user of a
publisher or subscriber database can invoke arbitrary SQL functions
under an identity running replication, often a superuser.  This fix may
cause "does not exist" or "no schema has been selected to create in"
errors in a replication process.  After upgrading, consider watching
server logs for these errors.  Objects accruing schema qualification in
the wake of the earlier commit are unlikely to need further correction.
Back-patch to v10, which introduced logical replication.

Security: CVE-2020-14349

2020-08-10 09:22:54 -07:00

Makefile Split all OBJS style lines in makefiles into one-line-per-entry style. 2019-11-05 14:41:07 -08:00

libpqwalreceiver.c Empty search_path in logical replication apply worker and walsender. 2020-08-10 09:22:54 -07:00